SSA-18705 sudo upgrade fixes a potential vulnerability

High Nessus Plugin ID 18705


The remote host is missing a security update.


New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root.

Heres's the information from the Slackware 8.0 ChangeLog:

---------------------------- Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6.6.
This version of sudo fixes a security problem whereby a local user may gain root access through corruption of the heap (Off-By-Five).
This issue was discovered by Global InterSec LLC, and more information may be found on their web site: The discussion on the site indicates that this problem may only be exploitable on systems that use PAM, which Slackware does not use. However, in the absence of proof, it still seems prudent to upgrade sudo immediately.
(* Security fix *)


Update the packages that are referenced in the security advisory.

Plugin Details

Severity: High

ID: 18705

File Name: Slackware_18705.nasl

Version: $Revision: 1.8 $

Published: 2005/07/13

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

Required KB Items: Host/Slackware/release, Host/Slackware/packages